function ensure_init()
{
global $scoper;
if (!isset($scoper) || is_null($scoper)) {
require_once SCOPER_ABSPATH . '/role-scoper_main.php';
$scoper = new Scoper();
scoper_init();
}
if (empty($scoper->data_sources)) {
$scoper->load_config();
}
}
function identify_protected_posts($attachment_id = 0, $attachments = false, $cols = '', $args = array())
{
$defaults = array('use_object_restrictions' => true, 'use_term_restrictions' => true, 'use_private_status' => true, 'guid' => '');
$args = array_merge($defaults, (array) $args);
extract($args);
global $wpdb, $scoper;
if (!isset($scoper) || is_null($scoper)) {
scoper_get_init_options();
scoper_init();
}
if (empty($scoper->taxonomies)) {
$scoper->load_config();
}
$restricted_roles = array();
$unrestricted_roles = array();
// TODO: also protect uploads based on restriction of other taxonomies
$restricted_terms = array();
$restricted_objects = array();
$term_restriction_clause = '';
$object_restriction_clause = '';
$limit_clause = '';
$unattached_clause = '';
global $scoper;
$reader_roles = array();
foreach ($scoper->role_defs->role_caps as $role_handle => $role_caps) {
$caps_by_op = $scoper->cap_defs->organize_caps_by_op(array_keys($role_caps));
if (count($caps_by_op) == 1 && 'read' == key($caps_by_op)) {
$reader_roles[] = $role_handle;
}
}
$role_clause = "AND rs.role_name IN ('" . implode("','", scoper_role_handles_to_names($reader_roles)) . "')";
//if ( $use_private_status )
// $role_clause = ( 'rs' == SCOPER_ROLE_TYPE ) ? "AND rs.role_name IN ('post_reader', 'page_reader')" : ''; // if also checking for private status, don't need to check for restriction of private_reader roles
//else
// $role_clause = ( 'rs' == SCOPER_ROLE_TYPE ) ? "AND rs.role_name IN ('post_reader', 'page_reader', 'private_post_reader', 'private_page_reader')" : '';
if ($use_term_restrictions) {
$term_restriction_query = "SELECT rs.obj_or_term_id AS term_id, rs.role_name, rs.max_scope FROM {$wpdb->role_scope_rs} AS rs " . "INNER JOIN {$wpdb->term_taxonomy} AS tt ON tt.taxonomy = rs.src_or_tx_name AND tt.taxonomy = 'category' AND tt.term_taxonomy_id = rs.obj_or_term_id " . "WHERE rs.role_type = 'rs' AND rs.require_for IN ('entity', 'both') AND rs.topic = 'term' {$role_clause}";
$term_default_restriction_query = "SELECT rs.role_name FROM {$wpdb->role_scope_rs} AS rs " . "WHERE rs.role_type = 'rs' AND rs.require_for IN ('children', 'both') AND rs.topic = 'term' AND rs.max_scope = 'term' AND rs.src_or_tx_name = 'category' AND rs.obj_or_term_id = '0' {$role_clause}";
$all_terms = array();
$all_terms['category'] = $scoper->get_terms('category', false, COL_ID_RS);
if ($results = scoper_get_results($term_restriction_query)) {
foreach ($results as $row) {
if ('blog' == $row->max_scope) {
$unrestricted_roles['category'][$row->role_name][] = $row->term_id;
} else {
$restricted_roles['category'][$row->role_name][] = $row->term_id;
}
}
}
// if there a role is default-restricted, mark all terms as restricted (may be unrestricted later)
if ($results = scoper_get_col($term_default_restriction_query)) {
foreach ($results as $role_name) {
if (isset($unrestricted_roles['category'][$role_name])) {
$default_restricted = array_diff($all_terms['category'], $unrestricted_roles['category'][$role_name]);
} else {
$default_restricted = $all_terms['category'];
}
if (isset($restricted_roles['category'][$role_name])) {
$restricted_roles['category'][$role_name] = array_unique(array_merge($restricted_roles['category'][$role_name], $default_restricted));
} else {
$restricted_roles['category'][$role_name] = $default_restricted;
}
}
}
$restricted_terms['category'] = isset($restricted_roles['category']) ? agp_array_flatten($restricted_roles['category']) : array();
if ($restricted_terms['category']) {
$term_restriction_clause = "OR post_parent IN ( SELECT {$wpdb->posts}.ID FROM {$wpdb->posts} " . "INNER JOIN {$wpdb->term_relationships} AS tr ON tr.object_id = {$wpdb->posts}.ID " . "WHERE tr.term_taxonomy_id IN ('" . implode("','", $restricted_terms['category']) . "') )";
}
}
if ($attachment_id) {
if (is_array($attachment_id)) {
$id_clause = "AND ID IN ('" . implode("','", $attachment_id) . "')";
} else {
$id_clause = "AND ID = '{$attachment_id}'";
$limit_clause = 'LIMIT 1';
}
} elseif ($guid) {
$id_clause = "AND guid = '{$file_path}'";
} else {
$id_clause = '';
}
if (defined('SCOPER_NO_THUMBNAIL_FILTER')) {
if ($thumbnail_ids = scoper_get_col("SELECT DISTINCT meta_value FROM {$wpdb->postmeta} WHERE meta_key = '_thumbnail_id'")) {
$id_clause .= " AND ID NOT IN ('" . implode("','", $thumbnail_ids) . "')";
}
}
if ($attachments) {
// to reduce pool of objects, we only care about those that have an attachment
$attachment_query = "SELECT {$wpdb->posts}.ID FROM {$wpdb->posts} WHERE {$wpdb->posts}.ID IN ( SELECT post_parent FROM {$wpdb->posts} WHERE post_type = 'attachment' {$id_clause} ) ";
}
if ($use_object_restrictions) {
$object_restriction_query = "SELECT rs.obj_or_term_id AS obj_id, rs.role_name, rs.max_scope FROM {$wpdb->role_scope_rs} AS rs " . "WHERE rs.role_type = 'rs' AND rs.require_for IN ('entity', 'both') AND rs.topic = 'object' AND rs.src_or_tx_name = 'post' {$role_clause} AND rs.obj_or_term_id IN ( {$attachment_query} )";
$object_default_restriction_query = "SELECT rs.role_name FROM {$wpdb->role_scope_rs} AS rs " . "WHERE rs.require_for IN ('children', 'both') AND rs.topic = 'object' AND rs.max_scope = 'object' AND rs.src_or_tx_name = 'post' AND rs.obj_or_term_id = '0' {$role_clause}";
$all_objects = array();
$all_objects['post'] = scoper_get_col($attachment_query);
$restricted_roles = array();
$unrestricted_roles = array();
if ($results = scoper_get_results($object_restriction_query)) {
foreach ($results as $row) {
if ('blog' == $row->max_scope) {
$unrestricted_roles['post'][$row->role_name][] = $row->obj_id;
} else {
$restricted_roles['post'][$row->role_name][] = $row->obj_id;
}
}
}
// if there a role is default-restricted, mark all terms as restricted (may be unrestricted later)
if ($results = scoper_get_col($object_default_restriction_query)) {
foreach ($results as $role_name) {
if (isset($unrestricted_roles['category'][$role_name])) {
$default_restricted = array_diff($all_terms['post'], $unrestricted_roles['post'][$role_name]);
} else {
$default_restricted = $all_objects['post'];
}
if (isset($restricted_roles['post'][$role_name])) {
$restricted_roles['post'][$role_name] = array_unique(array_merge($restricted_roles['post'][$role_name], $default_restricted));
} else {
$restricted_roles['post'][$role_name] = $default_restricted;
}
}
}
if (!empty($restricted_roles)) {
$restricted_objects['post'] = array_unique(agp_array_flatten($restricted_roles['post']));
if ($restricted_objects['post']) {
$object_restriction_clause = "OR post_parent IN ( SELECT ID FROM {$wpdb->posts} WHERE ID IN ('" . implode("','", $restricted_objects['post']) . "') )";
}
}
}
if ($use_private_status) {
$status_query = "AND post_parent IN ( SELECT {$wpdb->posts}.ID FROM {$wpdb->posts} WHERE {$wpdb->posts}.post_status = 'private' )";
}
if ($attachments) {
$attachment_type_clause = "post_type = 'attachment' AND";
$unattached_clause = defined('SCOPER_BLOCK_UNATTACHED_UPLOADS') ? " OR post_parent < 1" : '';
}
$single_col = false;
if (COLS_ALL_RS === $cols) {
$query_cols = '*';
} elseif (COL_ID_RS == $cols) {
$query_cols = 'ID';
$single_col = true;
} elseif (COLS_ID_DISPLAYNAME_RS == $cols) {
if ($attachment) {
$query_cols = 'ID, post_title, guid';
} else {
$query_cols = 'ID, post_title';
}
} else {
if ($attachments) {
$query_cols = 'ID, guid';
} else {
$query_cols = 'ID';
$single_col = true;
}
}
$query = "SELECT {$query_cols} FROM {$wpdb->posts} WHERE {$attachment_type_clause} ( 1=1 {$status_query} {$term_restriction_clause} {$object_restriction_clause} {$unattached_clause} ) {$id_clause} ORDER BY ID DESC {$limit_clause}";
if ($attachment_id && !is_array($attachment_id)) {
if ($single_col) {
$results = scoper_get_var($query);
} else {
$results = scoper_get_row($query);
}
} else {
if ($single_col) {
$results = scoper_get_col($query);
} else {
$results = scoper_get_results($query);
}
}
return $results;
}
function scoper_mod_rewrite_rules($rules)
{
if (defined('SCOPER_NO_HTACCESS')) {
return $rules;
}
$file_filtering = scoper_get_option('file_filtering');
global $scoper;
if (!isset($scoper) || is_null($scoper)) {
scoper_init();
}
require_once dirname(__FILE__) . '/rewrite-rules_rs.php';
if (IS_MU_RS) {
if ($file_filtering) {
require_once dirname(__FILE__) . '/rewrite-mu_rs.php';
$rules = ScoperRewriteMU::insert_site_rules($rules);
}
} else {
if (!strpos($rules, 'BEGIN Role Scoper')) {
$rs_rules = ScoperRewrite::build_site_rules();
$rules .= $rs_rules;
}
}
return $rules;
}
